ClawHub

Crypto Alert

Security checks across malware telemetry and agentic risk

Overview

This crypto alert skill is mostly purpose-aligned, but it needs review because its docs are inconsistent and its alert-setting script can mishandle crafted input in a way that may run local code.

Install only if you are comfortable reviewing or patching the scripts first. Use simple token names, numeric thresholds, and non-sensitive alert messages; do not add Telegram credentials to this package as shipped. Remove ~/.crypto-alert-state.json if you want to clear saved alerts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill advertises executable behavior involving shell commands, network access, and local file writes, but does not declare corresponding permissions. This weakens transparency and informed consent, making it harder for users or platforms to assess the real attack surface before installation or execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented behavior materially differs from the stated purpose: the skill claims Binance-based monitoring with no API key requirement, but the documentation references CoinGecko, local state storage, stdout behavior, and optional Telegram credentials. Such mismatches are dangerous because users may trust the manifest while the actual implementation handles different data, stores state unexpectedly, or requires secrets not disclosed up front.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest says the skill uses Binance, while the body documentation says it uses CoinGecko. This inconsistency can mislead users, reviewers, and policy enforcement about what external service is actually contacted, undermining trust and making network behavior harder to validate.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The manifest claims no API key is required, but the documentation instructs users to configure Telegram bot credentials for alerting. Even if optional, this is security-relevant because it changes the credential-handling model and may cause users to expose or store secrets without adequate warning.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill omits an explicit warning that enabling Telegram alerts requires storing sensitive bot credentials and a chat identifier. Missing this disclosure can lead users to place secrets in insecure local files or commit them accidentally, increasing the risk of credential leakage and unauthorized messaging abuse.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal